CODEWITHSUNDEEP
ruby-on-railsruby-on-rails-4
Papouche Guinslyzinho
Papouche Guinslyzinho

Reputation: 5448

Rails ActiveModel::ForbiddenAttributesError

rarils 4.0.0 I'm trying to post a comments but I have an error:

ActiveModel::ForbiddenAttributesError in CommentsController#create ActiveModel::ForbiddenAttributesError

def create
@comment = @article.comments.new(params[:comment]) #error point highlight this line

Parameters
{"utf8"=>"✓",
 "authenticity_token"=>"zSq3KpEbucFQLa6XStEJ/I0+CpKPLFYcU/WGIdneeMg=",
 "comment"=>{"name"=>"g12345",
 "email"=>"[email protected]",
 "body"=>"hello hello"},
 "commit"=>"Add",
 "article_id"=>"5"}

my comments/new.html.erb

<%= form_for([@article, @article.comments.new], remote: true) do |f| %>
<%= tag(:input, :type => "hidden", :name => request_forgery_protection_token.to_s, :value => form_authenticity_token) %>
<div class="field">
<%= f.label :name %><br />
<%= f.text_field :name %>
</div>
<div class="field">
<%= f.label :email %><br />
<%= f.text_field :email %>
</div>
<div class="field">
<%= f.label :body %><br />
<%= f.text_area :body %>
</div>
<div class="actions">
<%= f.submit 'Add' %>
</div>
<% end %>

Upvotes: 1

Views: 273

Answers (1)

CDub
CDub

Reputation: 13344

Rails 4 uses strong parameters by default. Do you have something like:

params.require(:some_param).permit(...)

or

params.permit(:list, :of, :allowed, :params)

in your CommentsController?

It would look something like this:

class CommentsController < ApplicationController

  def create
    @comment = @article.comments.new(comment_params) #error point highlight this line
  end

  private

  def comment_params
    params.require(:comment).permit(:name, :email, :body)
  end

end

Upvotes: 1

Related Questions